Anomaly detection and mitigation at internet scale: a survey

  • Authors:
  • Jessica Steinberger;Lisa Schehlmann;Sebastian Abt;Harald Baier

  • Affiliations:
  • da/sec - Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany;da/sec - Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany;da/sec - Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany;da/sec - Biometrics and Internet Security Research Group, Hochschule Darmstadt, Darmstadt, Germany

  • Venue:
  • AIMS'13 Proceedings of the 7th IFIP WG 6.6 international conference on Autonomous Infrastructure, Management, and Security: emerging management mechanisms for the future internet - Volume 7943
  • Year:
  • 2013

Abstract

Network-based attacks pose a strong threat to the Internet landscape. There are different possibilities to counter these threats: on the one hand, attack detection operated at the end-users' side; on the other hand, attack detection implemented at network operators' infrastructures. An obvious benefit of the second approach is that it counteracts a network-based attack at its root. It is currently unclear to what extent countermeasures are set up at Internet scale and which anomaly detection and mitigation approaches of the community may be adopted by ISPs. We present results of a survey that aims at gaining insight into industry processes, structures and capabilities of IT companies and the computer networks they run. One result with respect to attack detection is that flow-based detection mechanisms are valuable, because those mechanisms could easily adapt to existing infrastructures. Due to the lack of standardized exchange formats, mitigation across network borders is currently uncommon.